CVE-2026-29052

Name of the Vulnerable Software and Affected Versions HumHub Calendar module versions prior to 1.8.11

Description The Calendar module for HumHub allows users to create and manage events. A stored cross-site scripting (XSS) issue exists in the Event Types functionality of the Calendar module for versions prior to 1.8.11. This impacts users viewing events created by an administrative account. The issue allows an attacker to inject malicious scripts into the application through the Event Types feature. The vulnerability is triggered when a user views events created by an administrative account.

Recommendations Update to HumHub Calendar module version 1.8.11 or later.